]]>OTTAWA — The federal privacy czar says there are instances when police may not need a warrant to obtain “very limited sets” of Internet customer information.

There could be a way to meet at least some law-enforcement demands for warrantless access to information while respecting a key Supreme Court of Canada ruling, privacy commissioner Daniel Therrien said in an interview.

In June last year, the Supreme Court ruled police must have a judge’s authorization to obtain customer data linked to online activities.

The high court rejected the notion the federal privacy law governing companies allowed them to hand over subscriber identities voluntarily.

Police say telecommunications companies and other service providers — such as banks and rental companies — now demand court approval for nearly all types of requests from authorities for basic identifying information.

The top Mountie said the Supreme Court ruling curtailing the flow of basic data about customers — such as name and address — had “put a chill on our ability to initiate investigations.”

Therrien noted that in keeping with the court’s ruling, subscriber information largely raises reasonable expectations of privacy and therefore a warrant would be needed to obtain it.

“Normally it will, largely it will,” Therrien said. “But there may be some elements of information that would not raise reasonable expectations of privacy. So there may be some room for an administrative regime for very limited sets or circumstances of information — I recognize that.”

Therrien said it was difficult to provide a specific example of the kind of information that might be accessible to police under an administrative scheme, but invoked the analogy of the public telephone book.

“Telephone numbers, perhaps, in certain circumstances might not attract a reasonable expectation of privacy. I wouldn’t go beyond that, and even then it depends on the circumstances,” he said.

“But if the RCMP is asking to have administrative access for large amounts of information, well, that clearly would go against what the Supreme Court said.”

Rogers Communications has said that prior to the Supreme Court ruling, it was company policy when presented with a listed phone number to confirm basic customer information like name and address, so that police didn’t issue a warrant for the wrong person or company.

Rogers also had a special process to help with child sexual exploitation investigations by confirming a customer’s name and address when provided with a computer’s Internet Protocol (IP) address. This would allow police to obtain a search or arrest warrant.

Since June 2014, the company said, it has responded to these two kinds of requests only when presented with a court order or warrant, or in emergency circumstances as defined by the Criminal Code.

]]>OTTAWA — Canada’s electronic spy agency says it gathers and sometimes keeps personal information — including names and email addresses of Canadians — as part of efforts to protect vital networks from cyberattacks.

Communications Security Establishment Canada maintains an information bank containing the personal information of “potentially any individual” who communicates electronically with a key federal computer network while CSEC is assessing its vulnerability.

Information in the bank — known as CSEC PPU 007 — is held for up to 30 years before being transferred to Library and Archives Canada, says a description in the federal Info Source guide, which lists the various categories of personal information held by the government.

“Personal information may be used to assess potential threats to information technology systems subject to the assessment, and to help ensure the security of these electronic systems,” the notice says.

The listing sheds light on a little-known aspect of CSEC’s work — threat assessments and technical analyses aimed at strengthening federal defences against foreign cyberattacks on government computers.

The Ottawa-based spy agency has come under intense scrutiny in recent months due to leaks by a former contractor for the National Security Agency, CSEC’s American counterpart and close working ally.

CSEC insists it targets only foreign communications — from email to satellite traffic — of intelligence interest to Canada. However, the spy service acknowledges it cannot monitor global communications in the modern era without sweeping up at least some Canadian information.

As a result, CSEC’s cyberdefence activities are permitted through special authorization of the federal defence minister. Otherwise, they would risk contravening the Criminal Code provision against intercepting the private communications of Canadians.

Records recently obtained under the Access to Information Act say CSEC planned to focus its cyberdefence operations in 2012-13 on its own computer networks and those of three other federal institutions: National Defence, Foreign Affairs and Shared Services Canada, which administers the federal secure communication channel, known as SC Net.

Information from the databank may be shared with domestic police agencies “or foreign bodies” in keeping with formal agreements, the listing says.

The foreign bodies are surely CSEC’s Five Eyes partners — the U.S. NSA and similar agencies in Britain, Australia and New Zealand, said Wesley Wark, a visiting professor at the University of Ottawa’s graduate school of public and international affairs.

Wark called it “remarkable” that information can be held for 30 years.

“What this material does not tell us, of course, is the extent of the personal information held as a result of cybersecurity activities,” he noted.

The notes released under Access to Information say that if CSEC intercepts a private Canadian communication under ministerial authorization, “it can only be used or retained if it is deemed essential to international affairs, defence or security.”

Information collected during an assessment of a federal agency’s computer systems — including personal data — is destroyed once the test is complete, or sooner if it is not needed to “identify, isolate or prevent harm” to the network, said CSEC spokesman Ryan Foreman.

In some cases, Foreman indicated, the personal information of a Canadian may be kept if a foreign cyberattacker engages in phishing — an attempt to compromise a government department’s system by sending a carefully crafted email that appears to originate from a known or trusted sender.

In other cases, a known piece of malware might be retained and used to prevent future cyberattacks, he said.

Asked Wednesday if Canadians have anything to fear, Defence Minister Rob Nicholson said CSEC works well.

“There’s an independent commissioner who reports every year and has found CSEC is compliant with Canadian law and privacy laws,” he said.

Speaking to a group of senators Wednesday, Wark characterized the commissioner’s annual reports as insider exercises that tell Canadians little.

He challenged senators to read one of the reports and “make any sense of it.”

]]>http://www.macleans.ca/politics/ottawa/electronic-spy-agency-gathers-personal-info-in-cyberdefence-role/feed/0Clement orders look at feds use of social media datahttp://www.macleans.ca/politics/ottawa/clement-orders-look-at-feds-use-of-social-media-data/
http://www.macleans.ca/politics/ottawa/clement-orders-look-at-feds-use-of-social-media-data/#respondThu, 08 May 2014 22:16:52 +0000http://www.macleans.ca/?p=552197Order comes after interim privacy commissioner raised concerns about government using data from Facebook and Twitter

]]>OTTAWA – Treasury Board President Tony Clement has asked his officials to look into concerns about the federal collection of personal information from social networking sites like Facebook and Twitter.

In a letter to interim privacy commissioner Chantal Bernier, Clement says staff have been directed to study the matter, work with the commissioner’s office and report back to him.

The minister’s March 31 letter to Bernier came in response to her February fears that government institutions were gathering information from social media sites without regard for accuracy, currency and accountability — contrary to the federal Privacy Act.

Bernier urged Clement to devise “clear, mandatory guidance” on the collection and use of such information given that departments could rely on it to make administrative decisions about people.

In a recent investigation into collection of information from an aboriginal activist’s personal Facebook page, the privacy commissioner’s office took the position that such data can be lawfully gathered only when there’s a direct connection to the agency’s operating programs or activities.

Bernier’s office says it has seen other proposals from government departments to collect personal details from social media sites.

“We are pleased that Treasury Board Secretariat has agreed to look into this issue,” her office said in a statement Thursday.

Clement indicated in the House of Commons that federal agencies were monitoring social media to learn what the public thinks about vital issues.

“Whether it’s in a letter, or a petition, or written on the street, this government always wants to listen to Canadians who want to be heard.”

Clement said the government “must and will” follow the Privacy Act. “We are always willing to engage with the privacy commissioner to make sure that … our laws and the oversight of government is modern for the 21st century,” he said.

Clement’s written reply to Bernier, made public Thursday, says social media helps the government learn about Canadians’ views “in an extremely timely manner.”

“I am sensitive to the need to respect privacy concerns while carrying out this important work,” his letter says.

“I have asked my officials to study this matter, collaborate with your officials and report back to me in the coming months.”

Leslie pointed to newly published research on surveillance in Canada that says personal information is flowing between the public and private sectors in unprecedented ways.

Data gathered for one purpose may easily be used for another when public and private organizations share data, flying in the face of fair information practices, says “Transparent Lives: Surveillance in Canada.”

The book, a collaborative effort by leading Canadian researchers who identify nine key trends, is being launched at a conference this week at the University of Ottawa.

Leslie said that given private monitoring of the public and numerous government data breaches, the Conservatives should be “hanging their heads in shame, not patting themselves on the back.”

]]>http://www.macleans.ca/politics/ottawa/clement-orders-look-at-feds-use-of-social-media-data/feed/0Fake online identity used by 50% of kids: pollhttp://www.macleans.ca/news/fake-online-identity-used-by-50-of-kids-poll/
http://www.macleans.ca/news/fake-online-identity-used-by-50-of-kids-poll/#respondFri, 21 Feb 2014 14:54:45 +0000http://www.macleans.ca/?p=511785Sixty per cent said they'd be willing to share their passwords

]]>TORONTO – A report examining how Canadian kids view Internet privacy found about half have assumed a fake identity or misrepresented their age online, while about 60 per cent said they’d be willing to share their passwords with family or friends.

“Shielding one’s identity online is a practice that appears to be learned young and is used consistently by a significant number of students of all ages,” states the report by the non-profit organization MediaSmarts. The report is based on surveys conducted last year with 5,436 students from across the country in grades 4 through 11.

Despite the growing number of headlines about the risks of sharing too much online, many survey respondents suggested they were lax about guarding their privacy and personal information on the Internet.

About one in four kids said they’d trust their best friends to have access to their online accounts, while 16 per cent of the students in grades 7 through 11 said they’d let their boyfriend or girlfriend log in to their accounts.

The kids were far more likely to give their parents access to their passwords, with 41 per cent saying they’d let their mom or dad into their accounts.

The boys were more likely to say they wouldn’t share their passwords with anyone — including their parents — with 46 per said saying so, compared to 35 per cent of the girls.

Nearly half of all the kids said they had created online accounts under phoney names, sometimes to protect their privacy. But some admitted they did it for somewhat malicious reasons.

About one in three said they posted under a fake name to play a joke on someone and 10 per cent said they did so to “be mean to someone without getting into trouble.” Another 13 per cent said they used a false identity to flirt with someone online.

Another common reason to use a fake identity online was to access websites that bar youngsters from registering.

Just one in five Grade 4 kids said they lied about their age to get access to a website. But roughly one in three third graders, half of the Grade 6, 7, 8 and 9 students and about two in three of the tenth and eleventh graders were misrepresenting their real age on at least one website.

Not surprisingly, there was a big range in students’ willingness to have their parents supervise their time online, with the older kids much more reluctant to share the details of their digital lives.

Nearly eight in 10 of the fourth graders agreed with the statement “parents should keep track of their kids online all the time,” compared to just one in four of the eleventh graders.

And eight in 10 of the oldest kids in the survey agreed with the statement “parents should not listen in on their kids’ online conversations or read their texts,” compared to four in 10 of the fourth graders.

]]>SAN JOSE, Calif. – Google’s attorneys say their long-running practice of electronically scanning the contents of people’s Gmail accounts to help sell ads is legal, and have asked a federal judge to dismiss a lawsuit that seeks to stop the practice.

In a federal court hearing Thursday in San Jose, Google argued that “all users of email must necessarily expect that their emails will be subject to automated processing.”

The lawsuit, filed on behalf of 10 individuals, is expected to be certified as a class action and is widely seen as a precedent-setting case for other email providers.

The plaintiffs say Google “unlawfully opens up, reads, and acquires the content of people’s private email messages” in violation of California’s privacy laws and federal wiretapping statutes. The lawsuit notes that the company even scans messages sent to any of the 425 million active Gmail users from non-Gmail users who never agreed to the company’s terms.

“This company reads, on a daily basis, every email that’s submitted, and when I say read, I mean looking at every word to determine meaning,” said Texas attorney Sean Rommel, who is co-counsel suing Google.

And Rommel said “the data that’s being amassed by this company” could be used for more than just targeting advertising, although the parts of the lawsuit discussing what more Google might be doing with private information is currently under seal.

“The injury is two-fold: the privacy invasion and the loss of property. Google is taking people’s property because they can get it for free as opposed to paying for it,” said Rommel.

Judge Lucy Koh said she would consider Google’s request to terminate the case, but she said she is also interested in scheduling a trial for next year, indicating she is unlikely to dismiss. She did not say when she would decide.

Scrutinizing Google’s privacy policy, Koh noted that it doesn’t specify that Google is scanning Gmail when it describes the type of information it’s collecting.

“Why wouldn’t you just say ‘the content of your emails?'” she asked.

Google attorney Whitty Somvichian said that the company is attempting to have a single privacy policy for all of its services, meaning it didn’t separately reference every single product.

But he said it’s “inconceivable” that someone using a Gmail account would not be aware that the information in their email would be known to Google.

Google has repeatedly described how it targets its advertising based on words that show up in Gmail messages. For example, the company says if someone has received a lot of messages about photography or cameras then it might display an advertisement from a local camera store. Google says the process is fully automated, “and no humans read your email…”

“Users, while they’re using their Google Gmail account, have given Google the ability to use the emails they send and receive for providing that service,” Somvichian said in court. “They have not assumed the risk that Google will disclose their information and they fully retain the right to delete their emails.”

Privacy advocates have long questioned the practice, and were closely watching the lawsuit.

“In this Gmail case Google is trying to argue that its technology is exempt from privacy and wiretap laws. If they win, it will set a horrible precedent that they will try to apply to other Google technologies greatly threatening consumers’ privacy rights,” Consumer Watchdog Privacy Project director John Simpson said on Thursday.

]]>http://www.macleans.ca/general/google-says-it-has-right-to-scan-peoples-gmail-accounts/feed/3Canadian poll shows split on whether it’s OK for gov’t to spy on citizens onlinehttp://www.macleans.ca/news/canadian-poll-shows-split-on-whether-its-ok-for-govt-to-spy-on-citizens-online/
http://www.macleans.ca/news/canadian-poll-shows-split-on-whether-its-ok-for-govt-to-spy-on-citizens-online/#commentsWed, 28 Aug 2013 20:17:24 +0000http://www2.macleans.ca/?p=417109TORONTO – Canadians who were recently surveyed about online privacy were split on whether they approved of governments reading their email.
The poll, commissioned by the Canadian Internet Registration Authority,…

]]>TORONTO – Canadians who were recently surveyed about online privacy were split on whether they approved of governments reading their email.

The poll, commissioned by the Canadian Internet Registration Authority, asked if “it is acceptable or unacceptable for governments to monitor everyone’s email and other online activities.”

About 49 per cent of respondents said it was “completely unacceptable,” about 47 per cent of those surveyed said it was “acceptable in some circumstances,” and about four per cent said it was “completely acceptable.”

When asked if government surveillance would be appropriate if it could prevent terrorist attacks, about 13 per cent said it would be completely acceptable, about 64 per cent said it would be acceptable in some circumstances, and 23 per cent said it would still be completely unacceptable.

The results suggest Canadians are surprisingly apathetic about their privacy, said Byron Holland, president of the Canadian Internet Registration Authority, which manages the .ca domain name registry and works to develop policies “that support Canada’s Internet community.”

“I think it’s fair to say that most of us here and many of us deeper in the Internet community were surprised by Canadians’ willingness to give up privacy in the interests of safety,” Holland said.

About 39 per cent of those polled indicated they believed they were already being monitored by the government in some way, while about 15 per cent didn’t believe that to be true. About 46 per cent weren’t sure either way.

Holland said he has no reason to believe Canadians are currently being spied on by government agencies online but added it’s still important for citizens to have a conversation about their privacy expectations.

“It’s certainly my understanding in the Canadian landscape that we’re not doing anything like the Americans are doing,” he said in reference to the U.S. National Security Agency’s PRISM surveillance program, which was exposed by former contractor Edward Snowden.

“As a very interested citizen in the Internet ecosystem we’re just trying to spur that discussion because Canadians currently have a very different regime than the U.S. does. But is that the regime that we want to have? We should be thinking about it.”

The poll of 1,134 Canadians was conducted by Ipsos Reid between July 24 and 28.

The polling industry’s professional body, the Marketing Research and Intelligence Association, says online surveys cannot be assigned a margin of error because they do not randomly sample the population.

Other results from the poll:

63 per cent of respondents believed their Internet service provider and other companies were tracking their activities online

18 per cent believed their Internet activity was completely confidential

43 per cent assumed the government was tracking certain search terms

63 per cent believed the government was collecting information on the visitors of certain websites

40 per cent believed the government was saving Internet activity data to be reviewed in the future

]]>http://www.macleans.ca/news/canadian-poll-shows-split-on-whether-its-ok-for-govt-to-spy-on-citizens-online/feed/4Hire that Facebook party animalhttp://www.macleans.ca/work/jobs/hire-that-facebook-party-animal/
http://www.macleans.ca/work/jobs/hire-that-facebook-party-animal/#commentsMon, 22 Jul 2013 13:54:00 +0000http://www2.macleans.ca/?p=405624Don't be afraid of the job applicant with a beer in both hands

One morning in 2011, a 24-year-old Georgia high school teacher named Ashley Payne was called down to the office of her school’s principal and given an ultimatum. She could resign from her position or be fired. She hadn’t looked at a student the wrong way or practised corporal punishment. She had had a drink. To be precise, she had two—a glass of wine and a pint of beer, simultaneously, on a European vacation in 2009. The problem, though, was that a picture of this minor indulgence made its way onto Facebook, where—despite Payne using the site’s highest privacy settings—someone saw it, and brought it to the attention of the school’s principal. Payne took the high road: She resigned.

The “Facebook firing” is now an unfortunate fixture in Western professional culture, a warning to the working population at large that normal social behaviour, when captured and chronicled online, is aberrant and offensive. Having a beer after work—sometimes with your colleagues—is a socially acceptable activity. But upload a picture of that socially acceptable activity onto the Internet and it is rendered unacceptable. More than half of modern-day employers screen job applicants’ social media profiles for pictures like the one that implicated Payne, which means that this trend in cyberprohibition isn’t just getting people fired—it’s preventing them from getting hired, as well.

The logic behind this brand of professional prudishness, however maddening, is fairly simple. It’s not the beer-drinking itself that throws employers off; it’s the supposed lack of judgment inherent in making your beer-drinking public. The assumption is that if you lack judgment in this element of your life, you’ll lack it somewhere else, too—perhaps at work. This assumption, however, is deeply flawed.

A new study by psychology researchers at North Carolina State University suggests that employers who overlook otherwise capable job candidates because of “photos and text-based references to alcohol” may do so at their own peril. Researchers Will Stoughton, Lori Foster Thompson and Adam Meade collected personality data and social media behaviour data on a group of 175 university students.

“There are lots of articles giving guidance [to job candidates], saying, ‘Clean up your Facebook profiles,’ but we were interested in providing some data for employers to think about,” says Foster Thompson. “What we found,” she says, “is that people who post pictures of beer are no less conscientious,” nor are they less likely to make responsible, valuable employees. In fact, “people who are extroverted and more gregarious [qualities employers specifically look for, she says] are most likely to post pictures of beer.” Foster Thompson says the study was inspired in part by the fact that companies spend thousands of dollars developing the perfect social media screening tools, without assessing if their own assumptions about what constitutes a “red flag” are accurate to begin with.

What the study didn’t account for, however, are employers—most of them younger—who have embraced reality on their own. For Michael Morozov, the 23-year-old owner of a Toronto window-cleaning company called Gold Standard, what is to traditionalists a red flag is to him a good omen. Morozov employs door-to-door salespeople and he has an unusual but refreshing hiring criterion. “I prefer that salespeople are party animals,” he says. “If you have a guy who goes clubbing, it shows confidence. This is sales.” His own findings seem to support Foster Thompson’s research: “Some of the most talented people we have, if you looked at their Facebook pictures, you’d never hire them.”

According to business development consultant Kaelah Russell (she interviews employers to gauge what they’re looking for) at IQ Partners, a Toronto headhunting firm, “younger employers are probably more understanding if there are pictures of people out partying. For the most part, they’re easygoing and flexible.”

Someone has to be. If posting pictures of a social night out ups your chances of being an extroverted, gregarious person, then abstaining from the same behaviour actually lessens them.

I have several friends who have just completed teachers’ college, some of whom have or are currently looking for jobs. They have heard Payne’s story and others like it, and they are afraid. One in particular cowers every time someone pulls a camera or smartphone out at a party. Like a Disney-owned Miley Cyrus, she won’t be seen in public smoking or drinking. It’s utterly backwards that a culture so social is at once so introverted and puritan—that job candidates who are now expected to be social media whiz kids must also be social media shut-ins. And all in fear of a glass of beer.

]]>http://www.macleans.ca/work/jobs/hire-that-facebook-party-animal/feed/20Now you can use Facebook Graph Search (and it can be used on you)http://www.macleans.ca/society/technology/now-you-can-use-facebook-graph-search-and-it-can-be-used-on-you/
http://www.macleans.ca/society/technology/now-you-can-use-facebook-graph-search-and-it-can-be-used-on-you/#commentsTue, 09 Jul 2013 16:49:18 +0000http://www2.macleans.ca/?p=403271Jesse Brown on privacy concerns with the new tool

Earlier this year I wrote about Facebook’s Graph Search, a new feature that lets users perform highly specific searches based on highly personal information. For example, you can sift through all of Facebook to find, say, “Men who work at City Hall Toronto who like football and crack cocaine.” In the next few weeks, Graph Search will move from beta to prime-time, and every Facebook user whose language is set to U.S. English (the default in English-speaking Canada) will get access to it.

Don’t get too excited. As I wrote in January, Graph Search is a highly limited tool. The problem, of course, is that it relies on people accurately indexing themselves. Civil servants who actually like crack are unlikely to say so on Facebook (the above search yields zero results). Meanwhile, the 774 people who clicked that they “like” crack on Facebook probably did so ironically. In other words, in the case of many graph searches, you almost certainly won’t find the people you’re looking for, but you’ll likely find people who you aren’t looking for.

That makes Graph Search somewhat useless — but it doesn’t make it harmless.

A clever online satirist named Tom Scott decided to twist Graph Search towards its most inappropriate extremes. His Tumblr, Actual Facebook Graph Searches, includes these gems:

Married people who like prostitutes (more than 100 people)

Islamic men interested in men who live in Tehran, Iran (more than 1,000 people)

Single women who live nearby and who are interested in men and like Getting Drunk! (more than 100 people)

Once again, these results, I suspect, are not very accurate. Any married man who publicly expresses a fondness for prostitutes is probably making a dumb joke. A Muslim Iranian male who expresses his interest in other men might have a different understanding of “interested in” than we do. There is one honest set of Graph Search results above; women who describe themselves as single, straight and fond of inebriation are likely self-reporting truthfully on all counts. But this search produces results that are more misleading than false. I suspect that “nearby” guys will get the idea that these women are looking for action from them, and I suspect that they are wrong. Similarly, if Islamic officials in Tehran go on a Graph Search hunt for local homosexuals, they may not find the “right” targets. But they will find targets.

The ongoing history of Facebook continues to be one of warped contexts. When Timeline was rolled out, messages we posted on each other’s walls in years past were given new and more prominent placement. Thousand of us swore that our private messages were being publicly posted, but this turned out to be untrue. But what we posted to a friend’s page in 2009, when Facebook was a hangout for our immediate peer group, was very different than what we want on our own profile today, when years worth of personal and professional relationships share the space.

Similarly, our old pokes, ninja-kicks, Words with Friends scores and ironic Justin Bieber appreciations may follow and haunt us as Facebook finds new ways to mix and mash our data.

After nearly two years of meetings, the online ad industry and privacy advocates in the U.S. are no closer to establishing a “do-not-track” protocol that would govern when, and how, personal data can be collected from web surfers.

So Mozilla, the non-profit maker of the popular Firefox browser, has taken matters into its own hands. It’s planning to go ahead with a special default plug-in that will automatically block cookies, the tiny bits of code that are quietly deposited on users’ computers so they can be followed around online. (Apple’s Safari browser also blocks third-party cookies.)

The move has been called a “nuclear first strike” against the online ad industry, which argues that personal data—everything from geographic locations to browsing histories—are needed to better target the ads that pay for web content. But Internet users have concerns of their own. And now Firefox is giving them a way to make their voices heard—or, at least, their personal information hidden.

]]>http://www.macleans.ca/economy/business/the-cookies-crumble/feed/1Like profit-driven companies, U.S. government mining Big Datahttp://www.macleans.ca/news/like-profit-driven-companies-u-s-government-mining-big-data/
http://www.macleans.ca/news/like-profit-driven-companies-u-s-government-mining-big-data/#respondFri, 07 Jun 2013 15:42:48 +0000http://www2.macleans.ca/?p=392807SAN FRANCISCO – With every phone call they make and every Web excursion they take, people are leaving a digital trail of revealing data that can be tracked by profit-seeking…

]]>SAN FRANCISCO – With every phone call they make and every Web excursion they take, people are leaving a digital trail of revealing data that can be tracked by profit-seeking companies and terrorist-hunting government officials.

The revelations that the National Security Agency is perusing millions of U.S. customer phone records at Verizon Communications and snooping on the digital communications stored by nine major Internet services illustrate how aggressively personal data is being collected and analyzed.

Verizon is handing over so-called metadata, excerpts from millions of U.S. customer records, to the NSA under an order issued by the secretive Foreign Intelligence Surveillance Court, according to a report in the British newspaper The Guardian. The report was confirmed Thursday by Sen. Dianne Feinstein, D-Calif., who chairs the Senate Intelligence Committee.

Former NSA employee William Binney told The Associated Press that he estimates the agency collects records on 3 billion phone calls each day.

The NSA and FBI appear to be looking even wider under a clandestine program code-named “PRISM” that was revealed in a story posted late Thursday by The Washington Post. PRISM gives the U.S. government access to email, documents, audio, video, photographs and other data belonging to foreigners on foreign soil who are under investigation, according to The Washington Post. The newspaper said it reviewed a confidential roster of companies and services participating in PRISM. The companies included AOL Inc., Apple Inc., Facebook Inc., Google Inc., Microsoft Corp., Yahoo Inc., Skype, YouTube and Paltalk.

In statements, Apple, Facebook, Google, Microsoft and Yahoo said they only provide the government with user data required under the law. (Google runs YouTube and Microsoft owns Skype.) AOL and Paltalk didn’t immediately respond to inquiries from The Associated Press.

The NSA isn’t getting customer names or the content of phone conversations under the Verizon court order, but that doesn’t mean the information can’t be tied to other data coming in through the PRISM program to look into people’s lives, according to experts.

Like pieces of a puzzle, the bits and bytes left behind from people’s electronic interactions can be cobbled together to draw conclusions about their habits, friendships and preferences using data-mining formulas and increasingly powerful computers.

It’s all part of a phenomenon known as “Big Data,” a catchphrase increasingly used to describe the science of analyzing the vast amount of information collected through mobile devices, Web browsers and check-out stands. Analysts use powerful computers to detect trends and create digital dossiers about people.

The Obama administration and lawmakers privy to the NSA’s surveillance aren’t saying anything about the collection of the Verizon customers’ records beyond that it’s in the interest of national security. The sweeping court order covers the Verizon records of every mobile and landline phone call from April 25 through July 19, according to The Guardian.

It’s likely the Verizon phone records are being matched with an even broader set of data, said Forrester Research analyst Fatemeh Khatibloo.

“My sense is they are looking for network patterns,” she said. “They are looking for who is connected to whom and whether they can put any timelines together. They are also probably trying to identify locations where people are calling from.”

Under the court order, the Verizon records include the duration of every call but not the locations of mobile calls.

The location information is particularly valuable for cloak-and-dagger operations like the one the NSA is running, said Cindy Cohn, a legal director for the Electronic Frontier Foundation, a digital rights group that has been fighting the government’s collection of personal phone records since 2006. The foundation is currently suing over the government’s collection of U.S. citizens’ communications in a case that dates back to the administration of President George W. Bush.

“It’s incredibly invasive,” Cohn said. “This is a consequence of the fact that we have so many third parties that have accumulated significant information about our everyday lives.”

It’s such a rich vein of information that U.S. companies and other organizations now spend more than $2 billion each year to obtain third-party data about individuals, according to Forrester Research. The data helps businesses target potential customers. Much of this information is sold by so-called data brokers such as Acxiom Corp., a Little Rock, Ark., company that maintains extensive files about the online and offline activities of more than 500 million consumers worldwide.

The digital floodgates have opened during the past decade as the convenience and allure of the Internet —and sleek smartphones— have made it easier and more enjoyable for people to stay connected wherever they go.

“I don’t think there has been a sea change in analytical methods as much as there has been a change in the volume, velocity and variety of information and the computing power to process it all,” said Gartner analyst Douglas Laney.

In a sign of the NSA’s determination to vacuum up as much data as possible, the agency has built a data centre in Bluffdale, Utah that is five times larger than the U.S. Capitol —all to sift through Big Data. The $2 billion centre has fed perceptions that some factions of the U.S. government are determined to build a database of all phone calls, Internet searches and emails under the guise of national security. The Washington Post’s disclosure that both the NSA and FBI have the ability to burrow into computers of major Internet services will likely heighten fears that U.S. government’s Big Data is creating something akin to the ever-watchful Big Brother in George Orwell’s “1984” novel.

“The fact that the government can tell all the phone carriers and Internet service providers to hand over all this data sort of gives them carte blanche to build profiles of people they are targeting in a very different way than any company can,” Khatibloo said.

In most instances, Internet companies such as Google, Facebook and Yahoo are taking what they learn from search requests, clicks on “like” buttons, Web surfing activity and location tracking on mobile devices to figure out what their users like and divine where they are. It’s all in aid of showing users ads about products likely to pique their interest at the right time. The companies defend this kind of data mining as a consumer benefit.

Google is trying to take things a step further. It is honing its data analysis and search formulas in an attempt to anticipate what an individual might be wondering about or wanting.

Other Internet companies also use Big Data to improve their services. Video subscription service Netflix takes what it learns from each viewer’s preferences to recommend movies and TV shows. Amazon.com Inc. does something similar when it highlights specific products to different shoppers visiting its site.

The federal government has the potential to know even more about people because it controls the world’s biggest data bank, said David Vladeck, a Georgetown University law professor who recently stepped down as the Federal Trade Commission’s consumer protection director.

Before leaving the FTC last year, Vladeck opened an inquiry into the practices of Acxiom and other data brokers because he feared that information was being misinterpreted in ways that unfairly stereotyped people. For instance, someone might be classified as a potential health risk just because he or she bought products linked to increased chance of heart attack. The FTC inquiry into data brokers is still open.

“We had real concerns about the reliability of the data and unfair treatment by algorithm,” Vladeck said.

Vladeck stressed he had no reason to believe that the NSA is misinterpreting the data it collects about people. He finds some comfort in The Guardian report that said the Verizon order had been signed by Foreign Intelligence Surveillance Court Judge Ronald Vinson.

The NSA “differs from a commercial enterprise in the sense that there are checks in the judicial system and in Congress,” Vladeck said. “If you believe in the way our government is supposed to work, then you should have some faith that those checks are meaningful. If you are skeptical about government, then you probably don’t think that kind of oversight means anything.”

]]>http://www.macleans.ca/news/like-profit-driven-companies-u-s-government-mining-big-data/feed/0Who cares more about online privacy: teens or adults?http://www.macleans.ca/society/technology/who-cares-more-about-online-privacy-teens-or-adults/
http://www.macleans.ca/society/technology/who-cares-more-about-online-privacy-teens-or-adults/#commentsThu, 30 May 2013 19:22:04 +0000http://www2.macleans.ca/?p=389724Jesse Brown on how the latest research challenges perceptions about teens and social media

Let me qualify that. Teens care about protecting their privacy from the prying eyes of parents, teachers, and unwelcome peers. 91 per cent of them couldn’t care less about Big Data privacy loss, the accumulation of information about them by companies like Google and Facebook. Perhaps this is short-sighted, or perhaps it’s entirely rational. After all, Google never called anyone a slut in class, or withheld anyone’s allowance after snooping drunken party pics.

Here are some key findings of the survey of 802 U.S. teens:

91 per cent post a photo of themselves to their social media profiles, up from 79 per cent in 2006.

53 per cent post their email address, up from 29 per cent.

20 per cent post their cell phone number, up from 2 per cent.

Sure, all of that confirms stereotypes of teens as increasingly vain and reckless narcissists, unwittingly endangering themselves online. But check this additional data out:

60 per cent of teens set their Facebook profiles to private (friends only)

56 per cent of teen Facebook users say it’s “not difficult at all” to manage the privacy controls on their Facebook profile.

33 per cent of Facebook-using teens say it’s “not too difficult.”

Compare those stats to these numbers, the result of a summer 2012 Consumer Reports survey of more than 2,000 adults:

28 percent of adults shared all, or almost all, of their wall posts with an audience wider than just their friends.

an estimated 13 million adults had never set, or didn’t know about Facebook’s privacy tools.

The biggest discrepancies between teens and adults when it comes to online privacy probably have nothing to do with Facebook. As parents and grandparents party poop Facebook with their latecomer profiles, teens are abandoning their FB accounts and flocking to amnesia-apps like Snapchat, where pics, texts and videos self-destruct seconds after recipients view them.

Snapchat has quickly exploded in popularity, with over 100 million messages sent a day. I can’t find any data on the average age of a Snapchat user, but it’s widely regarded as a teenager’s app. I can’t say how accurate that characterization is, but I can tell you that nobody among my smart-phone attached group of age 30+ friends and family seem to have heard of Snapchat.

The app has inspired some sneers. Some call it “the sexting app,” while others gleefully point out how supposedly deleted Snapchat messages can be retrieved. The truth is, anything that passes through a device can potentially be captured and preserved. The real point of the Snapchat trend, as the Pew/Berkman research suggests, is that teens aren’t the ignorant, chronic exhibitionists they’ve been maligned as. Instead, they are the most privacy-literate users among us, the first demographic to adopt pro-privacy tools en masse, and the market segment creating the most demand for new tools that actually prioritize security and discretion.

]]>NEW YORK, N.Y. – Facebook says that an independent audit found its privacy practices sufficient during a six-month assessment period that followed a settlement with federal regulators.

Facebook Inc. said it submitted the findings to the Federal Trade Commission on Monday evening. The audit was a required part of the social networking company’s settlement with the FTC last summer. The settlement resolved charges that Facebook exposed details about its users’ lives without getting the required legal consent.

Facebook provided a copy of its letter to the FTC, along with a redacted copy of the auditor’s letter, to The Associated Press on Wednesday. The redacted portion contains trade secret information and does not alter the auditor’s findings, the company said. The audit, which found that Facebook’s privacy program met or exceeded requirements under the FTC’s order, covered written policies as well as samples of its data.

“We’re encouraged by this confirmation that the controls set out in our privacy program are working as intended,” said Erin Egan, Facebook’s chief privacy officer for policy,” in an emailed statement. “This assessment has also helped us identify areas to work on as Facebook continues to evolve as a company, and improve upon the privacy protections we already have in place. We will keep working to meet the changing and evolving needs of our users and to put user privacy and security at the centre of everything we do.”

Facebook did not disclose the full, 79-page report or specific details on shortcomings in its privacy practices that were revealed by the audit. Spokeswoman Jodi Seth said Facebook declined to disclose such details “based on contractual obligations and the possibility of security and competitive vulnerabilities.”

The company has asked the FTC to keep the redacted information private, saying it would put it and its auditor at a competitive disadvantage and because it could reveal possible limitations of its privacy program.

The name of the accounting firm is also redacted but that information will be released when the FTC responds to the audit.

A representative for the FTC did not immediately return a message for comment on Thursday morning.

Facebook has made several high-profile mistakes over user privacy, especially in its early years. Much of the FTC’s complaint against the company centred on a series of changes that Facebook made to its privacy controls in late 2009. The revisions automatically shared information and pictures about Facebook users, even if they previously programmed their privacy settings to shield that content. Among other things, people’s profile pictures, lists of online friends and political views were suddenly available for the world to see, the FTC alleged.

The complaint also charged that Facebook shared users’ personal information with third-party advertisers from September 2008 through May 2010 despite several public assurances from company officials that it wasn’t passing the data along for marketing purposes. Facebook said this only happened in limited instances.

Facebook did not admit any wrongdoing as part of the settlement, but it agreed to submit to audits of its privacy practices for 20 years. This was the first of those audits. Google Inc. earlier agreed to a similar settlement, but was fined $22.5 million last August to resolve allegations that it did not comply with it.

Leigh Bryan, a 26-year-old bar manager from Coventry, England, had booked a hotel on Hollywood Boulevard and was looking forward to some wild times in California. Instead, after showing his passport at the L.A. airport, he was taken to a holding room, questioned for five hours, then handcuffed, jailed overnight and flown home the next morning. U.S. authorities had red-flagged Bryan because of tweets he’d sent to a friend in Britain three weeks earlier. One read: “Free this week for a gossip/prep before I go destroy America? X.” Another message, referencing TV’sFamily Guy, said he’d be “on Hollywood Blvd and diggin’ Marilyn Monroe up!” At the airport, Bryan tried to explain that “destroy” was English slang for drunken partying, and that he had no intention of disinterrring a screen legend, but U.S. officials didn’t buy it.

Bryan is not alone. InTerms and Conditions May Apply, a documentary feature showing next week at Toronto’s Hot Docs festival, his case is one of several absurd stories about innocents targeted by police or government agencies trolling personal Internet accounts. This witty yet chilling film presents a dire portrait of how, with just a few keystrokes, we surrender our privacy to a brave new world of state surveillance beyond anything George Orwell ever dreamed of.

We all do it routinely. You download an app, upgrade some software, register on a website and up comes that mass of fine print called the “terms of service” contract. Without reading it, you scroll to the bottom and click on “I agree.”

The documentary, directed by Cullen Hoback, a 31-year-old American, presents an alarming view of how much ground such contracts cover. As a prank, a site called Gamestation put a clause in its user agreement for one day only: “By placing an order via this website, you agree to grant us a no-transferable option to claim, now and forever more, your immortal soul.” That day, the site raked in 7,000 immortal souls.

By now, many people are aware that data mining is a growth industry, and that all kinds of companies tap online activity to track and target consumer-buying habits. But Terms and Conditions addresses a more sinister trend: Google and Facebook are serving up reams of private data to police and intelligence agencies such as the CIA, NSA and FBI, under terms of service that strip users of any right to privacy. “Twitter is one of the only companies that has stood up for users’ rights,” Hoback told Maclean’s, calling Facebook one of the worst violators. “I think we’ll see a social-media tool in the future that will have privacy at the forefront. But Facebook is a virtual public utility.”

In North America, Facebook is not obliged to give users their own data. European law, however, is stricter. Austria’s Max Schrems sued the company to obtain three years of his Facebook data, and it amounted to some 1,000 pages, even though he was just a once-a-week user. Schrems says that even after users delete their data, Facebook can access it, and so can the government. Google is another open-pit data mine. In the film, U.S. screenwriter Jerome Schwartz says that a heavily armed police SWAT team invaded his home after he’d done a few Google searches for “how to kill your wife.” He had been researching a script for the TV drama Cold Case.

Freedom fighting in cyberspace has changed in the past decade. Two other Hot Docs films—Downloaded and TPB AFK: The Pirate Bay Away from Keyboard—show how anarchist geeks pioneered social media with file-sharing sites like Napster that envisioned a utopia of universally free information. Under pressure from the music business, authorities shut them down. Now the authorities, allied with the geeks’ corporate successors, are engaged in their own form of piracy—hoarding a vast booty of personal data.

But surveillance can swing both ways. In his film, Hoback ambushes Facebook CEO Mark Zuckerberg on the sidewalk outside his home. “Are you guys recording?” asks a peeved Zuckerberg. “Can you please not?” Hoback obliges and turns off the camera, which produces a smile from Zuckerberg. But the filmmaker neglects to inform him that he’s wearing spy-cam eyeglasses.

]]>http://www.macleans.ca/culture/beware-of-geeks-bearing-gifts/feed/6Social media study incomplete without Twitter, MPs want service to testifyhttp://www.macleans.ca/general/social-media-study-incomplete-without-twitter-mps-want-service-to-testify/
http://www.macleans.ca/general/social-media-study-incomplete-without-twitter-mps-want-service-to-testify/#respondWed, 28 Nov 2012 01:06:02 +0000http://www2.macleans.ca/?p=320208OTTAWA – NDP MP Charlie Angus may not need Twitter, but he says Canadians need to know more about how the social media company protects their privacy.
Angus publicly quit…

]]>OTTAWA – NDP MP Charlie Angus may not need Twitter, but he says Canadians need to know more about how the social media company protects their privacy.

Angus publicly quit using the microblogging site earlier this year, likening it to being badgered by a drunk on a 24-hour bus ride.

But he says that a House of Commons study on privacy and social media requires the company’s input.

A Commons committee decided last May to study the steps being taken by social media companies to protect the personal information of Canadians.

It followed high-profile interventions by Canada’s privacy commissioner on the use of personal data by sites like Google and Facebook.

Both companies have appeared before the committee, but NDP MP Charmaine Borg says Twitter refused.

The company couldn’t immediately be reached for comment.

The committee has now agreed to send a formal letter asking Twitter to testify.

Angus said Google and Facebook has supported the study, but the committee needs to go further.

“We’re not going to have a full sense unless we have the main players,” said Angus. “We need Twitter.”

The motion to formally call Twitter to testify came after a representative from Facebook took committee members through that company’s privacy policies.

Facebook’s relationship with Canada’s privacy commissioner is robust, said Robert Sherman, manager of privacy and public policy for the social networking giant.

“We found that we have had a very positive relationship with her office and have been able to discuss many of the issues and products that we’ve been coming out with her office and get their feedback,” Sherman said.

“That’s been a very positive relationship and I think you’ll see that many of the innovations around privacy have come out of our discussions with her.”

Canadians are heavy users of social media.

A Paris-based analyst group reported in July that there are just over 10 million Twitter accounts based in Canada.

Another analytics company said earlier this year that Facebook has about 18 million Canadian users, more than half the country’s total population.

]]>http://www.macleans.ca/general/social-media-study-incomplete-without-twitter-mps-want-service-to-testify/feed/0Facebook faces backlash over decision to halt privacy voteshttp://www.macleans.ca/general/facebook-faces-backlash-over-decision-to-halt-privacy-votes/
http://www.macleans.ca/general/facebook-faces-backlash-over-decision-to-halt-privacy-votes/#respondThu, 22 Nov 2012 14:53:52 +0000http://www2.macleans.ca/?p=318039Facebook wants to remove its current process that lets users vote on changes to its data privacy policy, in a move that has prompted criticism from many users.
In an…

]]>Facebook wants to remove its current process that lets users vote on changes to its data privacy policy, in a move that has prompted criticism from many users.

In an email sent to all users late Wednesday and early Thursday, Facebook said: “We deeply value the feedback we receive from you during our comment period but have found that the voting mechanism created a system that incentivized quantity of comments over the quality of them. So, we are proposing to end the voting component in order to promote a more meaningful environment for feedback.”

According to Mashable, part of the reason for the change is that so few users took advantage of the voting component during past votes.

“In June, the company proposed two alternative versions of its statement of rights and responsibilities, and let users vote on them for a whole week. A mere 342,632 cast their ballots,” writes Chris Taylor. “That was roughly one in every 2,600 users — or 0.038% of Facebook’s population at the time.”

The email sent to users says they are able to give feedback on the Facebook Site Governance page until Nov. 28 and the Our Policy website is urging at least 7,000 users to post the statement before the deadline.

Another change cited in the email says that users will soon be able to submit privacy concerns and questions to Facebook’s chief privacy officer of policy.

If proposed privacy changes go through, they would allow Facebook to better share user data with affiliate businesses, including Instagram, which it bought for $1 billion in April, reports Wired UK.